github.com/instana/go-sensor@v1.62.2-0.20240520081010-4919868049e1/matcher.go (about) 1 // (c) Copyright IBM Corp. 2021 2 // (c) Copyright Instana Inc. 2020 3 4 package instana 5 6 import ( 7 "fmt" 8 "regexp" 9 "strings" 10 11 "github.com/instana/go-sensor/secrets" 12 ) 13 14 const ( 15 // EqualsMatcher matches the string exactly 16 EqualsMatcher = "equals" 17 // EqualsIgnoreCaseMatcher matches the string exactly ignoring the case 18 EqualsIgnoreCaseMatcher = "equals-ignore-case" 19 // ContainsMatcher matches the substring in a string 20 ContainsMatcher = "contains" 21 // ContainsIgnoreCaseMatcher matches the substring in a string ignoring the case 22 ContainsIgnoreCaseMatcher = "contains-ignore-case" 23 // RegexpMatcher matches the string using a set of regular expressions. Each item in a term list 24 // provided to instana.NamedMatcher() must be a valid regular expression that can be compiled using 25 // regexp.Compile() 26 RegexpMatcher = "regex" 27 // NoneMatcher does not match any string 28 NoneMatcher = "none" 29 ) 30 31 // Matcher verifies whether a string meets predefined conditions 32 type Matcher interface { 33 Match(s string) bool 34 } 35 36 // NamedMatcher returns a secrets matcher supported by Instana host agent configuration 37 // 38 // See https://www.instana.com/docs/setup_and_manage/host_agent/configuration/#secrets 39 func NamedMatcher(name string, list []string) (Matcher, error) { 40 switch strings.ToLower(name) { 41 case EqualsMatcher: 42 return secrets.NewEqualsMatcher(list...), nil 43 case EqualsIgnoreCaseMatcher: 44 return secrets.NewEqualsIgnoreCaseMatcher(list...), nil 45 case ContainsMatcher: 46 return secrets.NewContainsMatcher(list...), nil 47 case ContainsIgnoreCaseMatcher: 48 return secrets.NewContainsIgnoreCaseMatcher(list...), nil 49 case RegexpMatcher: 50 var exps []*regexp.Regexp 51 for _, s := range list { 52 ex, err := regexp.Compile(s) 53 if err != nil { 54 sensor.logger.Warn("ignoring malformed regexp secrets matcher ", s, ": ", err) 55 continue 56 } 57 58 exps = append(exps, ex) 59 } 60 61 return secrets.NewRegexpMatcher(exps...) 62 case NoneMatcher: 63 return secrets.NoneMatcher{}, nil 64 default: 65 return nil, fmt.Errorf("unknown secrets matcher type %q", name) 66 } 67 } 68 69 // DefaultSecretsMatcher returns the default secrets matcher, that matches strings containing 70 // "key", "password" and "secret" ignoring the case 71 func DefaultSecretsMatcher() Matcher { 72 m, _ := NamedMatcher(ContainsIgnoreCaseMatcher, []string{"key", "password", "secret"}) 73 return m 74 }